Express Computer

Developer laptops are the credential store attackers are picking through in 2026


Across software supply chain incidents and SaaS compromises over the past 12 months, the pattern is the same every time: attackers land on a developer or privileged endpoint, harvest valid credentials sitting in plaintext, and use those credentials to move laterally into production code, cloud control planes, and SaaS apps. The developer endpoint is back at the center of the breach story. The threat model is the part that’s moved.

Attackers have stopped hunting for zero-days when developer endpoints and CI pipelines already hand them the credentials they need. The self-replicating Mini Shai-Hulud worm has compromised more than 300 npm and PyPI packages. The Bitwarden CLI compromise, the Trivy → LiteLLM campaign, and the April 2026 Vercel exposure followed the same pattern: credentials cached on developer or CI endpoints, harvested at scale.

A new exposure class is making the problem worse. Coding agents and MCP servers, now standard on developer and employee machines, generate credentials that persist after a session, pull secrets from password managers and vaults, and routinely leave copies in log files, shell history, and IDE caches. Most organizations deploying these tools have no inventory of what they create or leave behind, and existing security tools are not instrumented to find it.

“Attackers have figured out that secrets at rest on endpoints, especially for non-human identities (NHIs) and API keys, are just as valuable as stolen credentials in Active Directory,” said Ken Buckler, Information Security Research Director at Enterprise Management Associates (EMA). “EDR focuses on malicious processes; identity programs only see secrets after they’re used – so the endpoint becomes the gap. The organizations winning this fight are the ones treating endpoint secrets discovery as a first-class security problem, not bolting it onto EDR as an afterthought.”

The Three Moves Defenders Are Making

Incident responders converge on three moves. First, treat every developer and privileged endpoint as a credential store and inventory them as such. Second, prioritize credentials by what they grant access to, not by where they were found. Third, shorten the lifetime of anything that cannot be removed. Defenders who can answer “what was on this machine on this date” recover faster from a supply-chain hit.

How Endpoint Protection Helps

Endpoint Protection closes three gaps that existing security stacks leave wide open:

Remediation at the source: redacts secrets from shell and command history, migrates active credentials into vaults and local secrets managers, and, through GitGuardian agent hooks, prevents AI coding agents from spreading secrets across the machine.

Blast-radius containment: continuously hunts plaintext credentials across every endpoint, scores each by severity and access scope, and pushes high-risk findings straight into the SOC, SIEM, and SOAR, ready to act on the moment a breach lands.

Live attack detection: honeytokens fire the moment an infostealer steals a credential and auto-validate it from the laptop, giving security teams attribution-rich alerts in real time, not low-confidence signals after the fact.
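The first two defender moves above (inventory the endpoint as a credential store, then rank findings by what the credential grants) and the history-redaction step from the remediation bullet, as a small added example that is not GitGuardian's or the article's code. The sample shell history and coding-agent log are constructed (the AWS values are the public AWS documentation examples), and the file paths and agent-log format are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample artefacts from one endpoint (no real credentials): shell
# history and a coding-agent log, the two locations the article singles out.
SAMPLE_FILES = {
    "~/.zsh_history": (
        "export AWS_ACCESS_KEY_ID=AKIAEXAMPLE000000001\n"
        "export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
        "git push origin main\n"
    ),
    "~/.agent/logs/session.log": (  # assumed agent log location and format
        "tool_call: vault read secret/prod -> hvs.CAESIconstructedVaultTokenValue00000\n"
        "tool_call: ssh-keygen -> -----BEGIN OPENSSH PRIVATE KEY-----\n"
    ),
}

# Each detector: name, a pattern matching only the secret material, and a
# severity reflecting what the credential grants (cloud control plane and
# vault tokens rank highest), not where on the disk it was found.
DETECTORS = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), 4),
    ("aws_secret_access_key", re.compile(r"(?<=AWS_SECRET_ACCESS_KEY=)[A-Za-z0-9/+]{40}"), 5),
    ("vault_token", re.compile(r"\bhvs\.[A-Za-z0-9_-]{20,}"), 5),
    ("private_key", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"), 5),
]

@dataclass
class Finding:
    path: str
    line_no: int
    kind: str
    severity: int

def scan(files):
    """Inventory every file for plaintext secrets; highest severity first."""
    findings = []
    for path, text in files.items():
        for n, line in enumerate(text.splitlines(), 1):
            for kind, pat, sev in DETECTORS:
                if pat.search(line):
                    findings.append(Finding(path, n, kind, sev))
    return sorted(findings, key=lambda f: (-f.severity, f.path, f.line_no))

def redact(text):
    """Remove secret values from a history/log file but keep the commands for forensics."""
    for _, pat, _ in DETECTORS:
        text = pat.sub("<REDACTED>", text)
    return text
```

Running `scan(SAMPLE_FILES)` answers "what was on this machine" and orders the answer by blast radius; `redact` keeps the command trail intact while removing the credential material.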

“Over the past few months, barely a week has gone by without a major breach involving credentials stolen from a laptop,” said Eric Fourrier, CEO and co-founder of GitGuardian. “Our beta program data shows an average of 150 secrets on developer laptops, with some even ranging into the thousands. Among these secrets, private keys account for 38% of unique secrets, while cloud, identity provider, and secret management credentials like AWS IAM and Hashicorp Vault add another 22%. And the most interesting point is that 40% of secrets are found in AI directories/logs, demonstrating the impact of AI adoption. The partition between code-resident and endpoint-resident credentials no longer exists for attackers, and it cannot exist for defenders.”
